Login and account creation working

Signed-off-by: James Ketrenos <james_git@ketrenos.com>
James Ketr 2018-09-27 15:26:37 -07:00
parent d3c08b5389
commit 698cd6a202
3 changed files with 137 additions and 21 deletions


@ -377,7 +377,11 @@
Unfortunately, I haven't built this part of the site yet... send me an email (james @ ketrenos.com)
and I'll create an account for you.
</div>
<paper-button dialog-dismiss>close</paper-button>
<paper-input tabindex=0 autofocus id="username" label="User ID" value="{{username}}" on-keypress="enterCheck"></paper-input>
<paper-input tabindex=0 id="password" label="Password" type="password" value="{{password}}" on-keypress="enterCheck"></paper-input>
<paper-input tabindex=0 id="name" label="Display name" value="{{name}}" on-keypress="enterCheck"></paper-input>
<paper-input tabindex=0 id="mail" label="E-mail" value="{{mail}}" on-keypress="enterCheck"></paper-input>
<paper-button tabindex=0 id="createButton" disabled$="[[disableCreate(username,name,password,mail)]]" on-tap="create" raised><div hidden$="[[loggingIn]]">create</div><div hidden$="[[!loggingIn]]"><paper-spinner active$="[[loggingIn]]"></paper-spinner></div></paper-button>
</div>
</paper-dialog>
<paper-toast id="toast"></paper-toast>
@ -399,6 +403,14 @@
type: String,
value: ""
},
name: {
type: String,
value: ""
},
mail: {
type: String,
value: ""
},
years: {
type: Array,
value: []
@ -462,19 +474,23 @@
return !username || username == "" || !password || password == "";
},
disableCreate: function(username, name, mail, password) {
return !username || username == "" ||
!password || password == "" ||
!name || name == "" ||
!mail || mail == "";
},
enterCheck: function(event) {
if (event.key == 'Enter') {
if (event.currentTarget.id == "username") {
event.preventDefault();
this.async(function() {
this.$.password._focusableElement.focus();
}, 100);
return;
}
if (event.currentTarget.id == "password") {
event.preventDefault();
this.login();
var next = event.currentTarget.nextElementSibling;
event.preventDefault();
if (next.tagName.toLowerCase() == "paper-button") {
next.click();
} else {
this.async(function(next) {
next._focusableElement.focus();
}.bind(this, next), 100);
return;
}
}
@ -516,6 +532,7 @@
this.loading = false;
this.password = "";
var user;
if (error) {
this.user = null;
this.$.toast.text = error;
@ -543,6 +560,53 @@
}.bind(this), null, "POST", { u: this.username, p: this.password });
},
create: function(event) {
if (this.loading) {
return;
}
this.loading = true;
this.loggingIn = true;
this.user = null;
window.fetch("api/v1/users/create", function(error, xhr) {
this.loggingIn = false;
this.loading = false;
this.password = "";
var user;
this.$.requestAccess.close();
if (error) {
this.user = null;
this.$.toast.text = error;
this.$.toast.setAttribute("error", true);
this.$.toast.updateStyles();
this.$.toast.show();
console.error("Invalid login information.");
return;
}
try {
user = JSON.parse(xhr.responseText);
} catch(___) {
this.$.toast.text = "Unable to load/parse user information.";
this.$.toast.setAttribute("error", true);
this.$.toast.updateStyles();
this.$.toast.show();
console.error("Unable to parse user information");
return;
}
if (user && user.username) {
this.user = user;
}
}.bind(this), null, "POST", {
u: this.username,
p: this.password,
n: this.name,
m: this.mail
});
},
logout: function(event) {
window.fetch("api/v1/users/logout", function(error, xhr) {
this.user = null;
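Review bot: The error branch of the new `create` handler is copied from the login path and logs `console.error("Invalid login information.")` for every failure of `api/v1/users/create`, which misleads when the cause is a duplicate username or a missing field; `console.error("Account creation failed: " + error);` would say what happened. The `/create` route in the server section answers 401 "Account has not been authenticated." even after a successful insert, so (presumably, given how this callback-style `fetch` wrapper reports non-2xx statuses) a successful sign-up also lands in this branch and shows an error toast; a distinct success status and a neutral "awaiting approval" toast would keep the two outcomes apart. The template binds `disableCreate(username,name,password,mail)` while the function is declared as `function(username, name, mail, password)`; the result is the same today because each argument only gets an emptiness check, but the orders should match before any per-field validation is added.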


@ -2,7 +2,8 @@
const express = require("express"),
config = require("config"),
LdapAuth = require("ldapauth-fork");
LdapAuth = require("ldapauth-fork"),
crypto = require("crypto");
const router = express.Router();
@ -29,7 +30,7 @@ router.get("/", function(req, res/*, next*/) {
function ldapPromise(username, password) {
if (!ldap) {
throw "LDAP not being used";
return Promise.reject("LDAP not being used");
}
return new Promise(function(resolve, reject) {
ldap.authenticate(username, password, function(error, user) {
@ -41,6 +42,51 @@ function ldapPromise(username, password) {
});
}
router.post("/create", function(req, res) {
let username = req.query.u || req.body.u || "",
password = req.query.p || req.body.p || "",
name = req.query.n || req.body.n || username,
mail = req.query.m || req.body.m;
if (!username || !password || !mail || !name) {
return res.status(400).send("Missing user id, name, password, and/or email");
}
let query = "SELECT * FROM users WHERE uid=:username";
return userDB.sequelize.query(query, {
replacements: {
username: username
},
type: userDB.Sequelize.QueryTypes.SELECT
}).then(function(results) {
if (results.length != 0) {
return res.status(400).send("Username already exists.");
}
return userDB.sequelize.query("INSERT INTO users " +
"(uid,displayName,password,mail,memberSince,authenticated) " +
"VALUES(:username,:name,:password,:mail,CURRENT_TIMESTAMP,0)", {
replacements: {
username: username,
name: name,
password: crypto.createHash('sha256').update(password).digest('base64'),
mail: mail
}
}).then(function(results) {
/*
req.session.user = {
name: name,
mail: mail,
username: username,
};
return res.status(200).send(req.session.user);
*/
req.session.user = {};
return res.status(401).send("Account has not been authenticated.");
});
});
});
router.post("/login", function(req, res) {
let username = req.query.u || req.body.u || "",
password = req.query.p || req.body.p || "";
@ -51,23 +97,24 @@ router.post("/login", function(req, res) {
return res.status(400).send("Missing username and/or password");
}
/* We use LDAP as the primary authenticator; if the user is not
* found there, we look them up in the site-specific user database */
/* We use LDAP as the primary authenticator; if the user is not
* found there, we look them up in the site-specific user database */
return ldapPromise(username, password).then(function(user) {
return user;
}).catch(function() {
let query = "SELECT * FROM users WHERE uid=:username";
console.log("User not found in LDAP. Looking up in DB.");
let query = "SELECT * FROM users WHERE uid=:username AND password=:password";
return userDB.sequelize.query(query, {
replacements: {
username: username,
password: crypto.createHash('sha256').update(password).digest('base64')
},
type: userDB.Sequelize.QueryTypes.SELECT
}).then(function(users) {
if (users.length != 1) {
return null;
}
return users[0];
});
}).then(function(user) {
@ -77,6 +124,12 @@ router.post("/login", function(req, res) {
return res.status(401).send("Invalid login credentials");
}
if (!user.authenticated) {
console.log(username + " not authenticated.");
req.session.user = {};
return res.status(401).send("Account has not been authenticated.");
}
console.log("Logging in as " + user.displayName);
req.session.user = {
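Review bot: The stored password in the new `/create` route is `crypto.createHash('sha256').update(password).digest('base64')`, a single unsalted SHA-256, and the `/login` hunk recomputes the same value and matches it inside the SQL `WHERE` clause. Identical passwords therefore produce identical rows, and a copy of the users table can be tested against guesses at plain hash speed. A per-user random salt with a deliberately slow derivation (`crypto.scrypt`, or `crypto.pbkdf2` on older Node releases) is the usual fix, with login selecting by `uid` only and comparing in code with `crypto.timingSafeEqual`. The sketch below assumes the `password` column can hold the longer salt-plus-hash string, which the page does not show. Both routes also still accept `req.query.p`, so a password sent in the URL can end up in access logs; reading credentials from `req.body` only would avoid that.

```javascript
// in router.post("/create", ...): derive the stored value from a per-user salt
const salt = crypto.randomBytes(16);
const derived = crypto.scryptSync(password, salt, 64); // async crypto.scrypt avoids blocking the event loop
// … unchanged: uniqueness SELECT and the INSERT statement text …
                password: salt.toString("base64") + ":" + derived.toString("base64"),

// in router.post("/login", ...): look the row up by uid, then verify in code
        let query = "SELECT * FROM users WHERE uid=:username";
        // … unchanged: sequelize.query call, with replacements reduced to { username: username } …
            if (users.length != 1) {
                return null;
            }
            const parts = String(users[0].password).split(":");
            if (parts.length != 2) {
                return null; // row written in the old format, or malformed
            }
            const expected = Buffer.from(parts[1], "base64");
            if (expected.length == 0) {
                return null;
            }
            const actual = crypto.scryptSync(password, Buffer.from(parts[0], "base64"), expected.length);
            return crypto.timingSafeEqual(actual, expected) ? users[0] : null;
```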


@ -246,8 +246,6 @@ function processBlock(items) {
created = asset.stats.ctime,
albumId = asset.album.id;
console.log(picturesPath, path, file);
let tmp = Promise.resolve(file);
/* If this is a Nikon RAW file, convert it to JPG and move to /raw dir */
if (rawExtension.exec(file)) {
@ -496,6 +494,7 @@ function findOrCreateDBAlbum(album) {
if (!album.parent) {
console.warn("Creating top level album: " + picturesPath);
}
console.log("album: " + album.path);
return photoDB.sequelize.query("INSERT INTO albums (path,parentId,name) VALUES(:path,:parentId,:name)", {
replacements: album
}).spread(function(results, metadata) {